Stuxnet Turns USB Memory Sticks into Weapons of Mass Destruction

News Analysis: The Israeli-produced worm that devastated Iran's nuclear production propagates in many ways, but the primary way is by USB memory sticks.

This story starts at the Washington, D.C., Auto Show, which is held at the end of January each year. While I was at the show, one of the people at the Land Rover display handed me a USB memory stick. I assumed that it contained a brochure or something similar, so I put it into my pocket and took it home. There, I promptly forgot about it.

Fast forward a few days and the device appeared on my desk, so I did what you're not supposed to do, and plugged it into my USB port, assuming that Norton would block any bad stuff. Apparently there wasn't any bad stuff, but what alarmed me was that this USB memory didn't appear on my desktop as a removable drive-it simply launched a video showing me a new model of the Range Rover. I couldn't detect the device as a removable drive, so I couldn't reformat it for some other use. Instead, I tossed it into the trash before the video got going.

The reason this alarmed me is that it demonstrated how easy it is to insert and execute software, good or bad, without the user knowing. Had this same USB memory module contained Stuxnet, my computer might have been infected. This is exactly what happened a couple of years ago in Iran when the Israeli Defense Forces quietly planted some USB memory sticks in places frequented by Iranian nuclear engineers. Like everyone else, they popped the devices into their computers and the rest is history.

Apparently the insertion of the USB device into the respective computers worked much like the one that showed me the Land Rover video. As soon as the device detected the insertion, it went to work and never waited for permission or a mouse click or whatever. Unlike the video, this worm never gave any indication that it was setting itself up and running. Instead, the software quietly installed itself and then took over the control computers for Iran's uranium centrifuges. It caused the centrifuges to overspeed until they were destroyed, while reporting to the operators that everything was normal.

While virtually every computer infected by Stuxnet is in Iran, or belongs to a company with a presence in Iran, that doesn't mean that you're in the clear. Now that Stuxnet has been out for a while, it's only a matter of time before malware producers use the delivery mechanism to attack other targets.

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...